Microsoft Explains Windows 8 Secure Boot

Microsoft has been outlining some of its security procedures for Windows 8.

Key to Windows 8’s “platform integrity architecture” is its Unified Extensible Firmware Interface (UEFI), a set of specifications for how the operating system communicates with platform firmware during the boot-up process.

UEFI features a firmware validation process known as “secure boot,” which dictates how that firmware manages security certificates, firmware validation and the like.

Secure Boot

“Microsoft’s platform integrity architecture creates a root of trust with platform firmware using UEFI secure boot and certificates stored in firmware,” Tony Mangefeste, a member of the Windows Ecosystem team, wrote in a 22 September posting on the “Building Windows 8” blog. “With Windows 8’s secured boot architecture and its establishment of a root of trust, the customer is protected from malicious code executing in the boot path by ensuring that only signed, certified ‘known good’ code and boot loaders can execute before the operating system itself loads.”

In theory, UEFI secure boot will allow machines running Windows 8 to sidestep a current vulnerability in many PCs, namely that the pre-operating system environment is vulnerable to malicious loaders redirecting the boot loader handoff.

“For Windows customers, Microsoft is using the Windows Certification program to ensure that systems shipping with Windows 8 have secure boot enabled by default,” Mangefeste said. Windows Certification will also ensure “that firmware not allow programmatic control of secure boot (to prevent malware from disabling security policies in firmware), and that OEMs prevent unauthorised attempts at updating firmware that could compromise system integrity.”

Marketing Push

During the BUILD conference earlier in September, Windows and Windows Live division President Steven Sinofsky demonstrated Windows 8’s security measures by having a fellow executive plug a USB with a rootkit virus into the port of a tablet running the operating system.

The device failed to boot up and compromise the system.

For the past few weeks, Microsoft has unveiled aspects of its Windows 8 operating system, which is being designed to run on both tablets and traditional PCs. It will do so by offering two distinct user environments: the desktop, instantly familiar to anyone who’s used Windows, alongside a touch-enabled interface featuring colorful tiles that link to applications.

Microsoft executives have spent considerable time over the past few weeks trumpeting Windows 8’s “no compromises” ability to provide both a lightweight mobility experience and the sort of features desired by power users. Security, obviously, is a huge factor in all of that.

Nicholas Kolakowski eWEEK USA 2013. Ziff Davis Enterprise Inc. All Rights Reserved.

Share
Published by
Nicholas Kolakowski eWEEK USA 2013. Ziff Davis Enterprise Inc. All Rights Reserved.
Tags: windows 8

Recent Posts

US ‘Adding Sophgo’ To Blacklist Over Link To Huawei AI Chip

US Commerce Department reportedly adding China's Sophgo to trade blacklist after TSMC-manufactured part found in…

14 mins ago

Amazon Workers Go On Strike Across US

Amazon staff in seven cities across US go on strike after company fails to negotiate,…

44 mins ago

Senators Ask Biden To Extend TikTok Ban Deadline

Two US senators ask president Joe Biden to delay TikTok ban by 90 days after…

1 hour ago

Journalism Group Calls On Apple To Remove AI Feature

Reporters Without Borders calls on Apple to remove AI notification summaries feature after it generates…

2 hours ago

North Koreans Stole $1.34bn In Crypto This Year

North Korea-liked hackers have stolen a record $1.34bn in cryptocurrency so far this year, as…

2 hours ago

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

3 days ago